"""auth 流程测试(不依赖真实极光,只测 sms mock 路径 + JWT 闭环)。""" from __future__ import annotations def test_sms_login_and_me_flow(client) -> None: """sms_send → sms_login → 用 access_token 调 /me 拿到自己。""" phone = "13800138000" # 1. 发短信(mock,任意 6 位均通过) r = client.post("/api/v1/auth/sms/send", json={"phone": phone}) assert r.status_code == 200, r.text body = r.json() assert body["sent"] is True assert body["mock"] is True # 2. 登录 r = client.post("/api/v1/auth/sms/login", json={"phone": phone, "code": "123456"}) assert r.status_code == 200, r.text data = r.json() assert "access_token" in data assert "refresh_token" in data assert data["user"]["phone"] == phone assert data["user"]["register_channel"] == "sms" access = data["access_token"] refresh = data["refresh_token"] # 3. /me r = client.get("/api/v1/auth/me", headers={"Authorization": f"Bearer {access}"}) assert r.status_code == 200, r.text assert r.json()["phone"] == phone # 4. /me 不带 token → 401 r = client.get("/api/v1/auth/me") assert r.status_code == 401 # 5. 用 refresh 换新 token r = client.post("/api/v1/auth/refresh", json={"refresh_token": refresh}) assert r.status_code == 200, r.text assert "access_token" in r.json() # 6. 用 access 当 refresh 拒绝(防 token 类型混用) r = client.post("/api/v1/auth/refresh", json={"refresh_token": access}) assert r.status_code == 401 # 7. logout r = client.post("/api/v1/auth/logout", headers={"Authorization": f"Bearer {access}"}) assert r.status_code == 200 assert r.json()["ok"] is True def test_sms_send_too_frequent(client) -> None: phone = "13900139000" r1 = client.post("/api/v1/auth/sms/send", json={"phone": phone}) assert r1.status_code == 200 r2 = client.post("/api/v1/auth/sms/send", json={"phone": phone}) assert r2.status_code == 429 def test_sms_login_bad_code(client) -> None: """mock 模式下,5 位通过 schema 长度校验,但业务层只接受 6 位 → 400。""" phone = "13700137000" client.post("/api/v1/auth/sms/send", json={"phone": phone}) r = client.post("/api/v1/auth/sms/login", json={"phone": phone, "code": "12345"}) assert r.status_code == 400 assert "invalid sms code" in r.json()["detail"] def test_phone_format_validation(client) -> None: r = client.post("/api/v1/auth/sms/send", json={"phone": "1234567"}) assert r.status_code == 422